Modern Web Access Management Zero Trust Security from onpremises to - - PowerPoint PPT Presentation



SLIDE 1

Modern Web Access Management ‐ Zero Trust Security ‐ from on‐premises to the Cloud

Single Sign On, Access Controls, Session Management and how to use Access Management to protect applications both on premises and in the Cloud

SLIDE 2

www.idfconnect.com

Agenda

1. Zero Trust Web Access Management
2. The Access Management Transformation – moving applications from the data center to the Cloud with Zero Trust Security

SLIDE 3

Part 1 – Zero Trust Web Access Management

SLIDE 4

Why Web Access Management?

  • Ensure EVERY request is vetted and scored before ever touching your application (Use a “Zero Trust” Architecture)
  • Central enforcement and audit of access policies and activity
  • Continuous Authentication, Single Sign On, Session Management, and across all apps EVERYWHERE

SLIDE 5

Applications in the Traditional Data Center

Diagram labels: Local Users; SSO‐Integrated Apps; Access Mgmt Agent / Proxy; Access Manager; Access Management Traffic (vendor‐specific); Active Directory, Database, etc.; LDAP.

SLIDE 6

5 Modern Access Management Challenges

Use Cases

  • Server‐side Application Integration
  • AJAX / Mobile / Thick Client Application Integration
  • Applications in the Cloud
  • Access Management as‐a‐Service
  • "Agent‐less" Infrastructure

SLIDE 7

A Complete Zero Trust Access Management Solution

Web Access Management:

  • Authentication Management
  • Access Control Enforcement
  • Single Sign On
  • Risk Scoring & Analytics
  • Session Management
  • Centralized Audit

SLIDE 8

Common Access Management Gaps in the Cloud

Diagram labels, Web Access Management (Gaps in the Cloud): Authentication Management; Access Control Enforcement; Single Sign On; Session Management; Idle Session Timeout; Session Maximum Time‐to‐Live; Risk Scoring & Analytics; Centralized Audit.

SLIDE 9

The IDF Connect Solution – SSO/Rest

SSO/Rest combines existing and emerging technologies to extend the perimeter of your IAM solution safely and securely into your public Cloud platforms

SSO/Rest!

  • Rest based – lightweight
  • Risk scoring, strong authentication
  • Easy to use, handles latency, transparent….
  • Modern engineering – orchestration, metrics, analytics

SLIDE 10

But… is this just Federation?

NO! Ticket or Claims‐based approaches are not enough:

  • Continuous authentication
  • Perimeter access management
  • Block attacks before they touch your applications
  • Application security alone is not enough

SLIDE 11

Remember: Federation is NOT the Same as Web Access Management

Federation:

  • One‐time handoff from partner IDP
  • Limited logout capability

Web Access Management (WAM):

  • Perimeter Defense
  • Audit
  • Access control
  • Policy Enforcement Point (PEP)
  • Policy Decision Point (PDP)
  • Authentication
  • Session lifecycle management

SLIDE 12

Proven Success Stories

Seamless and Secure Integration

Fortune 50 retail company makes an acquisition, and has seamlessly and securely integrated the new web apps with its eCommerce portal, without having to bring the apps in‐house or creating a VPN to the new company

Diagram labels: Acquired Company Existing Web Apps; eCommerce Portal.

Successfully Moving .Net applications to Microsoft Azure

Fortune 50 finance company successfully moves its .Net applications to Microsoft Azure while preserving all of its SSO integrations, authentication and access policies, and audit capabilities

Diagram labels: .Net Applications; Microsoft Azure.

SLIDE 13

You should be interested in this technology if…

  • You have an existing SSO/WAM solution and are moving applications to the Cloud
  • You want or need the assurance that every request is VETTED and SCORED before ever touching your application
  • You require fine grained access controls and centralized policy management
  • You require a complete audit trail of end‐user activity within a given session
  • You need a web access management solution that is modern and leverages today’s tools and capabilities (e.g. ELK, Docker, Kubernetes)
  • You are interested in offering Web Access Management as a managed service
  • You have an API Gateway and want a modern Policy Decision Point for its Auth & Auth requirements
  • You are building rich applications (mobile, AJAX) and require web services for all manner of seamless access management integrations

SLIDE 14

Part 2 – The Access Management Transformation

Moving applications from the data center to the Cloud with Zero Trust Security

SLIDE 15

Zero Trust Security in any Cloud

Diagram labels: Application in the Cloud; IDF Connect SSO/Rest Plugin; External Firewall; Internal Firewall; Data Center; IDF Connect SSO/Rest Gateway; Policy Decision Point.

Traffic labels:

  • Browser HTTP(s) requests to application
  • Browser AJAX SSO integration requests to SSO/Rest (optional)
  • Application SSO integration requests to SSO/Rest (optional)
  • SSO/Rest Plugin (JSON over HTTPS)
  • PEP to PDP Traffic

Policy Decision Point:

  • SSO/Rest w/ XACML engine
  • CA SSO
  • Oracle AM
  • OpenAM

SLIDE 16

Diagram labels: Data Center; Local Users; SSO‐Integrated Apps; IDF Connect SSO/Rest Plugin; Policy Enforcement Point; Policy Decision Point; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; Active Directory, Database, etc.; LDAP.

SLIDE 17

Diagram labels: Data Center; Cloud Platform; Local Users; SSO‐Integrated Apps; IDF Connect SSO/Rest Plugin; Policy Enforcement Point; Policy Decision Point; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; Active Dir, Database etc.; LDAP.

SLIDE 18

Diagram labels: Data Center; Local Users; SSO‐Integrated Apps; IDF Connect SSO/Rest Plugin; Policy Enforcement Point; Policy Decision Point; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; XACML Policy Store; SSO/Rest XACML queries; Policy Evaluation; Active Dir, Database etc.; LDAP.

SLIDE 19

Diagram labels: Data Center; Local Users; SSO‐Integrated Apps; IDF Connect SSO/Rest Plugin; Policy Enforcement Point; Policy Decision Point; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; XACML Policy Store; SSO/Rest XACML queries; Policy Evaluation; Authentication; Session tokens only!; Active Dir, Databases, etc.; LDAP.

SLIDE 20

Diagram labels: Data Center; Local Users; SSO‐Integrated Apps; IDF Connect SSO/Rest Plugin; Policy Enforcement Point; Policy Decision Point; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; XACML Policy Store; SSO/Rest XACML queries; Policy Evaluation; Authentication; Session tokens only!; Cloud Multi‐Factor Authentication; Cloud Directory / IDaaS Provider; Active Dir, Database, etc.; LDAP.

SLIDE 21

Diagram labels: Data Center; Local Users; SSO‐Integrated Apps; IDF Connect SSO/Rest Plugin; Policy Decision Point; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; XACML Policy Store; SSO/Rest XACML queries; Policy Evaluation; Authentication; Session tokens only!; Cloud Multi‐Factor Authentication; Cloud Directory / IDaaS Provider; Active Dir, Database, etc.; LDAP.

SLIDE 22

Diagram labels: Data Center; SSO‐Integrated Apps; IDF Connect SSO/Rest Plugin; SSO/Rest Plugin (JSON over HTTPS); IDF Connect SSO/Rest Gateway; XACML Policy Store; SSO/Rest XACML queries; Policy Evaluation; Authentication; Cloud Multi‐Factor Authentication; Cloud Directory / IDaaS Provider.

SLIDE 23

Complete enterprise‐grade IAM‐as‐a‐Service!

Diagram labels: Data Center; SSO‐Integrated Apps; IDF Connect SSO/Rest Plugin; SSO/Rest Plugin (JSON over HTTPS); Cloud Access Management Service; Cloud Multi‐Factor Authentication; Cloud Directory / IDaaS Provider.

SLIDE 24

Platform support

Web Servers: App Servers: Web services for all manner of integrations App Platforms: …and other thick clients!

SLIDE 25

THANK YOU!

For More Information, Please Visit

IDF Connect, Inc.

2207 Concord Pike #359 Wilmington, DE 19803

Phone: (888) 765‐1611
Fax: (888) 765‐7284
www.idfconnect.com
www.linkedin.com/in/rsand
@IDFConnect
www.facebook.com/IDFConnect
@rsand2

Turn SSO/Rest into your Enterprise 2‐Factor Auth Solution with SSO/MobileKey. For more details visit www.idfconnect.com/products/sso‐mobilekey/

Also check out our other products: www.idfconnect.com/products